- Scam Alert
- AFP Impersonation
- ReportCyber
- Consumer Safety
- Phone Scam
AFP and Royal Thai Police uncovered a scam script impersonating AFP officers, targeting around 300 Australians via video calls and fake surveillance protocols.
AFP Officer Impersonation Script Recovered in Cambodia Raid
The Australian Federal Police and Royal Thai Police have uncovered a detailed script used by cybercriminals to impersonate AFP officers and defraud Australians. According to a joint media release from the AFP and Royal Thai Police, the document was recovered after the Royal Thai Military located a scam compound in O'Smach, a small town in Cambodia, in January 2026. The raid also recovered AFP logos and signage allegedly used to make the site appear as a legitimate AFP facility during video calls. The AFP identified about 300 potential Australian victims linked to the centre, who were alerted by text message from the National Anti-Scam Centre in February 2026.
What the Script Describes
The recovered script structured a precise conversational narrative for operators to follow. Contributors to community reports on impersonation scams will recognise the pattern: the caller identifies as an AFP officer and tells the victim a bank account has been opened in their name by a suspect tied to a money laundering investigation.
The script then escalated through several stages:
- An encrypted video call to verify the victim's identification and record a formal statement
- A request to identify the fabricated suspect
- A confidentiality agreement entered through a social media application
- Disclosure of detailed bank account and financial information under the guise of assisting the fake investigation
The final stage imposed a so-called temporary surveillance protocol, with check-ins every four hours, mandatory reporting of unknown contacts, and signed or video-confirmed declarations. AFP Acting Superintendent Nuckhley Succar described the operators as organised and professional manipulators, noting the script was designed to exploit victim trust through social engineering.
Pattern and Regional Context
This case fits a broader pattern of offshore scam centres targeting Australians from Southeast Asia. Acting Superintendent Succar noted that such centres are frequently facilitated by serious organised criminal networks, and that those targeting Australians are commonly found in Cambodia, Laos, Thailand, the Philippines, Vietnam, and Myanmar. The structured surveillance protocol described in the script is notable because it manufactures false urgency and isolates the victim, reducing the chance they pause to verify the call.
The recovery sits within Operation Firestorm, launched in August 2024, which has supported five offshore scam centre investigations. The AFP reports the operation has contributed to 560 arrests and the disruption of 15 scam centres across Thailand, the Philippines, Malaysia, and Cambodia.
What Australians Should Do
The AFP stated plainly that it will never ask you to verify bank details or request money over a phone or video call. Based on the agency's ClickFit guidance, the practical steps are specific:
- Pause before acting on any call, text, or email claiming to be from the AFP
- Never disclose account information, passwords, or bank balances over the phone
- Refuse any request to move to a separate phone or video call for verification or protection
- Use strong passphrases and multi-factor authentication on your accounts
- Do not transfer money to a so-called safe account on request
- End the call immediately if a supposed AFP member asks for financial details
How to Report and Check Numbers
If you suspect you have been targeted, report it to police through ReportCyber. If money has already been transferred, contact your bank immediately using the official contact details on their verified channels. Those who recognise a scam but have not sent money can report it to ACCC Scamwatch at scamwatch.gov.au.
Before engaging with an unexpected caller claiming authority, a reverse phone lookup can help you check who called and review community reports tied to that number. If a number matches an impersonation pattern others have flagged, contributors recording that detail helps the next person identify the same tactic faster.